[HADOOP-18050] Document Hadoop's stance on the log4jshell vulnerability - ASF JIRA

Voters

Watch issue

Watchers

Create sub-task

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Task
Status: Resolved
Priority: Blocker
Resolution: Done
Affects Version/s: None
Fix Version/s: None
Component/s: documentation
Labels:
- pull-request-available

Description

As of today, Hadoop relies on log4j-1, not log4j2. It is understood that the log4jshell vulnerability (CVE-2021-44228) does not impact log4j-1. Given the widespread attention to the incidence, we should make it clear that Hadoop is not susceptible to the attack.

Attachments

Issue Links

Add Link

links to

GitHub Pull Request #34

Delete this link

Activity

Comment

This comment will be Viewable by All Users Viewable by All Users

Cancel

People

Assignee:: Wei-Chiu Chuang

Reporter:: Wei-Chiu Chuang

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 17/Dec/21 13:50

Updated:: 20/Dec/21 07:34

Resolved:: 20/Dec/21 07:34

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

Document Hadoop's stance on the log4jshell vulnerability